RFC8463 and signing hashes with ED25519
The DKIM base specification states for the k= flag: “The "rsa" key type indicates that an ASN.1 DER-encoded [ITU-X660-1997] RSAPublicKey (see [RFC3447], Sections 3.1 and A.1.1) is being used in the "p=" tag.” The p= flag is a single, base64-encoded string. The key data is imported using gnutls_pubkey_import.
- Write in the documentation that gnutls_pubkey_import deals with ASN.1 data
RFC8463 extends the base DKIM specification: “The p= value in the key record is the Ed25519 public key encoded in base64.”
Passing the Ed25519 key to gnutls_pubkey_import returns -73 (GNUTLS_E_ASN1_TAG_ERROR) from _asn1_strict_der_decode(), tested with the key from the DNS TXT record 201803e._domainkey.kitterman.com.
As RFC 8463 doesn’t say anything about ASN.1, I guess the Ed25519 key is not ASN.1 DER encoded, contrary to RSAPublicKey.
What function should be used to import that data? In other words, how should the key from DNS be imported into a public key after the base64 decoding?
For gnutls_pubkey_import_ecc_raw() the documentation states “In EdDSA curves the y parameter will be NULL and the other parameters will be in the native format for the curve.” What are the other parameters? There is only one other parameter - “x”.
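The following is an added example written for this issue; it is not code from GnuTLS or from the reporter. It shows the distinction the two RFCs draw: after base64 decoding, an RSA p= value is DER (it starts with an ASN.1 SEQUENCE tag, 0x30) and belongs in gnutls_pubkey_import, while an Ed25519 p= value is the raw 32-byte public key and, going by the documentation quoted above, belongs in gnutls_pubkey_import_ecc_raw as the x parameter with y set to NULL. The DKIM tag parser, base64 decoder and the sample record with its 32-byte key (bytes 0x01..0x20) are constructed here; the helper dkim_import_pubkey and the HAVE_GNUTLS guard are assumptions so that the classification part compiles and runs without GnuTLS installed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum dkim_key_kind { DKIM_KEY_UNKNOWN = 0, DKIM_KEY_RSA_DER, DKIM_KEY_ED25519_RAW };

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 into out; whitespace is skipped because TXT records may be
 * folded. Returns the decoded length, or -1 on a bad character or overflow. */
static int b64_decode(const char *in, uint8_t *out, size_t cap) {
    uint32_t acc = 0; int bits = 0; size_t n = 0;
    for (; *in; in++) {
        if (isspace((unsigned char)*in)) continue;
        if (*in == '=') break;                   /* padding: nothing more to decode */
        int v = b64val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v; bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;
            out[n++] = (uint8_t)((acc >> bits) & 0xff);
        }
    }
    return (int)n;
}

/* Look up tag `name` in a "tag=value; tag=value" list (the DKIM key record
 * syntax). Returns 1 and copies the value, 0 if absent, -1 if it does not fit. */
static int dkim_tag(const char *rec, const char *name, char *val, size_t cap) {
    size_t nl = strlen(name);
    while (*rec) {
        while (*rec == ' ' || *rec == '\t' || *rec == ';') rec++;
        if (!*rec) break;
        const char *end = strchr(rec, ';');
        size_t len = end ? (size_t)(end - rec) : strlen(rec);
        if (len > nl && strncmp(rec, name, nl) == 0 && rec[nl] == '=') {
            size_t vl = len - nl - 1;
            if (vl >= cap) return -1;
            memcpy(val, rec + nl + 1, vl);
            while (vl && isspace((unsigned char)val[vl - 1])) vl--;  /* trim trailing blanks */
            val[vl] = '\0';
            return 1;
        }
        rec += len;
    }
    return 0;
}

/* Decode p= from a DKIM key record and decide which import path applies.
 * RFC 6376: k= defaults to "rsa"; its p= is DER and must start with SEQUENCE (0x30).
 * RFC 8463: k=ed25519 carries the raw 32-byte public key, no ASN.1 wrapping. */
enum dkim_key_kind dkim_classify_key(const char *txt, uint8_t *key, size_t cap, size_t *keylen) {
    char k[32] = "rsa";
    char p[1024];
    if (dkim_tag(txt, "k", k, sizeof k) < 0) return DKIM_KEY_UNKNOWN;
    if (dkim_tag(txt, "p", p, sizeof p) != 1) return DKIM_KEY_UNKNOWN;
    int n = b64_decode(p, key, cap);
    if (n <= 0) return DKIM_KEY_UNKNOWN;
    *keylen = (size_t)n;
    if (strcmp(k, "ed25519") == 0)
        return n == 32 ? DKIM_KEY_ED25519_RAW : DKIM_KEY_UNKNOWN;
    if (strcmp(k, "rsa") == 0)
        return key[0] == 0x30 ? DKIM_KEY_RSA_DER : DKIM_KEY_UNKNOWN;
    return DKIM_KEY_UNKNOWN;
}

#ifdef HAVE_GNUTLS   /* assumed build flag; this part needs the GnuTLS headers */
#include <gnutls/gnutls.h>
#include <gnutls/abstract.h>
/* Hypothetical helper: route the decoded key to the matching GnuTLS import call. */
int dkim_import_pubkey(gnutls_pubkey_t pub, const char *txt) {
    uint8_t key[1024]; size_t n;
    gnutls_datum_t d;
    switch (dkim_classify_key(txt, key, sizeof key, &n)) {
    case DKIM_KEY_ED25519_RAW:
        d.data = key; d.size = (unsigned)n;
        /* raw point goes in x; y is NULL for EdDSA curves, as the documentation says */
        return gnutls_pubkey_import_ecc_raw(pub, GNUTLS_ECC_CURVE_ED25519, &d, NULL);
    case DKIM_KEY_RSA_DER:
        d.data = key; d.size = (unsigned)n;
        return gnutls_pubkey_import(pub, &d, GNUTLS_X509_FMT_DER);
    default:
        return GNUTLS_E_INVALID_REQUEST;
    }
}
#endif
```

Calling dkim_classify_key on "v=DKIM1; k=ed25519; p=AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyA=" (the constructed record) yields DKIM_KEY_ED25519_RAW with a 32-byte key, whereas a p= value of any other length under k=ed25519 is rejected before it ever reaches an import call; an RSA record is only accepted when the decoded bytes begin with the SEQUENCE tag that gnutls_pubkey_import's DER parser expects.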